CNNVD-202507-2678 Information
CNNVD ID
CNNVD-202507-2678
Related CVE
- CNNVD Published: 2025-07-21
Description (Chinese)
Marshmallow Packages Laravel Nova Tiptap Editor Field是Marshmallow Packages开源的一个编辑器软件。 Marshmallow Packages Laravel Nova Tiptap Editor Field 5.7.0之前版本存在代码问题漏洞,该漏洞源于对文件上传端点认证和验证不足,可能导致任意文件上传和远程代码执行。
Description (English)
Marshmallow Packages Laravel Nova Tiptap Edator Field is an editor software for Marshalllow Packages. Marshmallow Packages Laravel Nova Tiptap Editor Field 5.7.0 had a code gap, which stemmed from insufficient authentication and authentication of the upload endpoint of the document, which could lead to any upload and remote code execution.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Marshmallow Packages
Published
2025-07-21
Last Modified
2026-02-24
References
https://github.com/marshmallow-packages/nova-tiptap/commit/fed42d2f8ebb9e3c74f1ee262c9db33567030756 https://github.com/marshmallow-packages/nova-tiptap/security/advisories/GHSA-96c2-h667-9fxp
Patch
https://github.com/marshmallow-packages/nova-tiptap/releases
Share on: